Hackers have collected $1.6 million from selling more than 239,000 payment card records on the dark web. The batch was assembled from thousands of online shops running last year a tainted version of Volusion e-commerce software.
The compromise was discovered in October 2019 by Check Point security researcher Marcel Afrahim and affected stores hosted on the Volusion cloud platform.
Wide-scope operation
This was a web-skimming incident, where attackers use malicious JavaScript that steals payment data when customers provide it at checkout.
In this case, the hackers modified a resource used on Volusion-based stores for navigating the UI menu. This resource loaded the skimmer from an external path.
Evidence found by Trend Micro indicates that the attack started on September 7 and is the work of FIN6.
RiskIQ refers to them as MageCart Group 6 and assesses that it goes only after high-profile targets that ensure a large volume of transactions.
Significant damage
A report from Gemini Advisory today informs that whoever compromised the Volusion infrastructure waited until November 2019 to start selling the data on the dark web.
Until now, they offered more than 239,000 payment card records on a single dark web marketplace and made $1.6 million. This data was from hundreds of different merchants.
Gemini determined that the number of compromised stores is as high as 6,589, which is in line with results from a search for sites with the modified Volusion JavaScript.
The researchers est ..
Support the originator by clicking the read the rest link below.
